Strategic SOC/Cyber Defense Lead with extensive experience in leading and architecting proactive security operations, bridging the gap between Cyber Threat Intelligence (CTI), threat detection engineering, and incident response. Expert in establishing and managing MSOC/Resident SOC teams, building end-to-end detection pipelines mapped to MITRE ATT&CK, and driving an intelligence-led defense strategy. Proven track record in designing, integrating, and optimizing core security solutions (SIEM, SOAR, EDR, TIPs, DRP), developing custom automation and tooling (Python, N8N, "ThreatOps"), and applying DFIR/Forensics for deep-dive investigations. A certified professional dedicated to leveraging strategic leadership and deep technical expertise to build a unified, adaptive, and highly effective cyber defense capability.

"You need to understand what you are protecting"

• Cyber Defense Center - Strategic planning and operations
• Cyber Defense Intelligence - Intelligence-driven defense strategies
• SOC - Security Operations Center management and operations
• DFIR - Digital Forensics and Incident Response
• Cyber Threat Hunting (CTH) - Proactive threat detection and hunting
• Cyber Threat Intelligence (CTI) - Threat intelligence collection, analysis, and operationalization
• Standard Operating Procedure (SOP) - Process development and documentation
• Playbook - Incident response and security playbook development
• Compromise Assessment - Advanced threat detection and eradication
• SOC Assessment - Security operations maturity evaluation
• Threat-Informed Defense - Intelligence-led security strategy

• Advanced Compromise Assessment - Deep-dive threat detection and eradication techniques
• Threat Hunting - Advanced hunting methodologies and techniques
• Forensics - Digital forensics and investigation capabilities

• 🤖 Automated CTI Pipeline: Built comprehensive automated CTI pipeline using MISP, N8n, and Python.
• 🗺️ MISP Galaxy: Designed and published a custom MISP Galaxy mapping ransomware actors to ATT&CK.
• 🔄 n8n Workflows: Built end-to-end enrichment pipelines for MISP events.
• 📊 MISP Analytics: Created interactive Jupyter Notebook dashboards for threat visualization.
• ⚔️ Attack Simulation: Utilized CALDERA for adversary emulation and defense testing.

• 🎓 eCTHPv2 – eLearn Security Certified Threat Hunting Professional
• 🎓 Threat Intelligence Analyst – Group-IB
• 🎓 Cyber Investigator – Group-IB
• 🎓 Belkasoft Windows Forensics
• 🎓 Certified Cybersecurity Educator Professional (CCEP)
• 🎓 Certified Threat Hunting and Incident Response I (CTHIRI)
• 🎓 MITRE ATT&CK Fundamentals Certification
• 🎓 MITRE ATT&CK Security Operations Center Assessment
• 🎓 MITRE ATT&CK Cyber Threat Intelligence
• 🎓 MITRE ATT&CK Adversary Emulation Methodology
• 🎓 MITRE ATT&CK Threat Hunting and Detection Engineering
• 🎓 MITRE ATT&CK Purple Teaming Methodology

• ThreatOps: Custom CTI Automation Platform - Custom-built tool for RSS feed intelligence collection and operationalization
• MISP: Malware Information Sharing Platform - Advanced CTI pipeline and automation workflows
• TheHive: Open Source SOAR - Incident response and threat handling automation
• Threat Hunting Framework - MITRE ATT&CK-based hunting methodologies and detection engineering
• EDR Assessment Guide - Comprehensive evaluation framework for endpoint detection solutions
• CTI Pipeline Automation - End-to-end automated threat intelligence processing and enrichment
• ELK Stack Deployment - Security-focused log analysis and visualization
• C2 Framework Integrations - Purple team testing and detection validation
• Attack Simulation Labs - Controlled environments for threat emulation and hunting
• API-to-QRadar Syslog Middleware - Custom integration solutions

• Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
• New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
• Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
• CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
• CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities